How to restrict unauthorized users from accessing the network
If all of the PCs use fixed IP addresses, and I have the MAC-IP mapping table for all of the PCs, how can I restrict unauthorized PCs (PCs not in my MAC-IP mapping table) from accessing the network? We don't want to use the layer 2 switch port security function. The following is my solution:
I try to set up static ARP entries for all of these PCs. I also set up static ARP entries for unused IP addresses (IP addresses not used by these PCs), but the MAC addresses for the unused IP addresses are not real. The reason is to limit someone trying to connect an unauthorized PC and set up a temp IP address to access the network.
But this solution has some limitations: we have up to 3000 PCs, and my Layer 3 switch (Catalyst 6509) cannot set up so many static ARP entries.
Is there any good idea for my question? (All of my edge switches are Catalyst 3524.)
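The static ARP scheme described in the question, as an added example that is not part of the original post: it turns a MAC-IP mapping table into one static entry per host address, real MACs for known PCs and a sink MAC for unused addresses. IOS-style `arp <ip> <mac> arpa` syntax is assumed; the subnet, the addresses and `SINK_MAC` are constructed sample values.

```python
import ipaddress
import re

# Constructed placeholder: locally administered MAC that no real host owns.
SINK_MAC = "0200.0000.0001"

def cisco_mac(mac):
    """Normalize aa:bb:.., aa-bb-.. or aabb.ccdd.eeff to Cisco dotted form."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def build_static_arp(subnet, mapping, gateway):
    """Return 'arp' lines: real MACs for known PCs, SINK_MAC for unused IPs."""
    net = ipaddress.ip_network(subnet)
    known, seen_macs = {}, {}
    for ip_text, mac in mapping.items():
        ip = ipaddress.ip_address(ip_text)
        if ip not in net:
            raise ValueError(f"{ip} is outside {net}")
        norm = cisco_mac(mac)
        if norm in seen_macs:  # one MAC claimed by two IPs: table error
            raise ValueError(f"MAC {norm} listed for {seen_macs[norm]} and {ip}")
        seen_macs[norm] = ip
        known[ip] = norm
    gw = ipaddress.ip_address(gateway)
    lines = []
    for host in net.hosts():
        if host == gw:
            continue  # the switch's own interface address needs no entry
        lines.append(f"arp {host} {known.get(host, SINK_MAC)} arpa")
    return lines

# Constructed sample mapping table (documentation address range).
SAMPLE_MAPPING = {
    "192.0.2.10": "00:11:22:33:44:55",
    "192.0.2.11": "00-11-22-33-44-66",
}

if __name__ == "__main__":
    config = build_static_arp("192.0.2.0/28", SAMPLE_MAPPING, "192.0.2.1")
    print("\n".join(config))
    print(f"! {len(config)} static entries for 2 known PCs in a /28")
```

The entry count follows the size of the address space rather than the number of PCs, which is why the table grows so quickly with this approach.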
Re: How to restrict unauthorized users from accessing the network
A good idea is port security. ;-) It's 1,000 times easier than what you're proposing.
Even better is VMPS (which is basically dynamic port security in your case) if your 6509 is running CatOS (IOS switches can't act as a VMPS Server). Though I also don't know offhand if 3524s support the VMPS Client feature.